6.9
CVE-2025-2201 - Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
Broken access control vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users, such as public IP addresses, messages with other users and more.
9.3
CVE-2025-2200 - SQL injection vulnerability in the Innovación y Cualificación IcProgreso plugin
SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/genera…
9.3
CVE-2025-2199 - SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’, ‘searchSpecialitiesLinked’…
6.9
CVE-2025-2372 - PHPGurukul Human Metapneumovirus Testing Management System Password Recovery Page password-recovery…
A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component Password Recovery Page. The manipulation of the argument username leads to SQL injection. It is p…
5.1
CVE-2025-2371 - PHPGurukul Human Metapneumovirus Testing Management System Registered Mobile Number Search register…
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /registered-user-testing.php of the component Registered Mobile Number Search. The manipulation of the argu…
0.0
CVE-2025-2400 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.6
CVE-2024-12992 - Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6.
8.6
CVE-2024-12971 - QuickShell Authenticated Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora FMS from 700 to 777.6.
8.7
CVE-2025-2370 - TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The a…
8.7
CVE-2025-2369 - TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attac…